init commit

2021-10-15 20:23:17 -04:00
commit 395e4dd471
8 changed files with 217 additions and 0 deletions
--- a/roles/immortal/files/burnedid_rsa.pub
+++ b/roles/immortal/files/burnedid_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCRkk8xkOAL5omrUASGOEEiKHaLeQDsKEnB8K8VZ6TRfDXSMciXK4ys7d+Y2sCs4pOnARoBrnDQ96B3AtiUYommoDU3byYAkGA0ouAtgJe1FReSyDEcsPHa5CJy36xPykm1uj/3m+7r6wIzAQHfwBzBFP0nm+BgnD44xypkP/luqCHAWqZLjR7ndIUVnn6WvztnZcxwkN1PPw46qTR8aK2guApNeWetoZIv1v9MwEfiL6dNxe3uRW8P9ohuv5BzeLIdxLQGgHKPXkm0ywaxUu1goObRr9EwKrzB3N1gVmsakCOJNVHy/8l/IkyrivWdHTfy+QmfAfyrTPYzzewUNCNir1rLtGPDfzPzNnOhkYNaZbBrjgQ0v50O7SxaG+QjFrsgY5IUM7Vz4OoRvtwdlrYGplcAwYOlrRNoMKnegEr9XWwVAM3X+rKsh3iKuiVOPALL3fMAMWPNLlYNnNzNpaEjbe1uE6jUdAnsYSah+7Y3wdOmYniHL9Im/iAuIMP4eU= Hello red team, how are you today
--- a/roles/immortal/tasks/main.yml
+++ b/roles/immortal/tasks/main.yml
@@ -0,0 +1,84 @@
+---
+- name: Generate password
+  delegate_to: localhost
+  shell: bash autopassword.sh {{ inventory_hostname }}
+  register: genPass 
+    
+- name: Backup ssh config
+  fetch:
+    src: /etc/ssh/sshd_config
+    dest: "{{ inventory_hostname }}"  
+
+- name: Backup os-release
+  fetch:
+    src: /etc/os-release
+    dest: "{{ inventory_hostname }}"  
+
+- name: Backup etc/passwd
+  fetch:
+    src: /etc/passwd
+    dest: "{{ inventory_hostname }}"
+
+- name: Get users
+  get_users:
+    min_uid: {{ (ansible_os_family == 'RedHat') | ternary(500,1000) }}
+    max_uid: 65000
+    register: users_list
+
+- name: Give root exclusively the current controller user's SSH key
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+    exclusive: yes
+    become: yes
+
+- name: Give all users exclusively the current controller user's SSH key
+  ansible.posix.authorized_key:
+    user: {{item}}
+    state: present
+    key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+    exclusive: yes
+    become: yes
+    loop: "{{ users_list.users }}"
+
+- name: Ensure UFW is installed
+  package:
+    name: ufw
+    state: present
+
+- name: Configure ufw defaults
+  ufw: direction={{ item.direction }} policy={{ item.policy }}
+  with_items:
+    - { direction: 'incoming', policy: 'deny' }
+    - { direction: 'outgoing', policy: 'allow' }
+  notify:
+    - restart ufw
+
+- name: Configure ufw rules
+  ufw: rule={{ item.rule }} port={{ item.port }} proto={{ item.proto }}
+  with_items:
+    - { rule: 'limit', port: '22', proto: 'tcp' }
+  notify:
+    - restart ufw
+
+- name: Enable ufw logging
+  ufw: logging=on
+  notify:
+    - restart ufw
+
+- name: Enable ufw
+  ufw: state=enabled
+
+- name: Change root password
+  user:
+    name: root
+    shell: /bin/bash
+    password: "{{ genPass.stdout | password_hash('sha512') }}"
+
+- name: Change admin password
+  user:
+    name: "{{ ansible_user }}"
+    shell: /bin/bash
+    password: "{{ genPass.stdout | password_hash('sha512') }}"         
+
				`@@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCRkk8xkOAL5omrUASGOEEiKHaLeQDsKEnB8K8VZ6TRfDXSMciXK4ys7d+Y2sCs4pOnARoBrnDQ96B3AtiUYommoDU3byYAkGA0ouAtgJe1FReSyDEcsPHa5CJy36xPykm1uj/3m+7r6wIzAQHfwBzBFP0nm+BgnD44xypkP/luqCHAWqZLjR7ndIUVnn6WvztnZcxwkN1PPw46qTR8aK2guApNeWetoZIv1v9MwEfiL6dNxe3uRW8P9ohuv5BzeLIdxLQGgHKPXkm0ywaxUu1goObRr9EwKrzB3N1gVmsakCOJNVHy/8l/IkyrivWdHTfy+QmfAfyrTPYzzewUNCNir1rLtGPDfzPzNnOhkYNaZbBrjgQ0v50O7SxaG+QjFrsgY5IUM7Vz4OoRvtwdlrYGplcAwYOlrRNoMKnegEr9XWwVAM3X+rKsh3iKuiVOPALL3fMAMWPNLlYNnNzNpaEjbe1uE6jUdAnsYSah+7Y3wdOmYniHL9Im/iAuIMP4eU= Hello red team, how are you today